916
MFA (lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
[-] possiblylinux127@lemmy.zip 4 points 7 months ago* (last edited 7 months ago)

For one that requires more training and support. However I think the biggest reason is that it is predictable and requires access to the device. You also can't steal a phone number as easily as stealing poorly secured keys

[-] KairuByte@lemmy.dbzer0.com 5 points 7 months ago

Poorly secured keys usually still require device access, unless they are secured so poorly that the individual would be compromised in one of many other ways regardless.

Stealing a phone number requires, at most, paying off an employee at a telco company. At best it just requires a call and some social engineering. And don’t forget, people who leave their phone laying around without a passcode exist.

Now, neither of these are really options for a dragnet approach, they’d need to be targeted. But the fact that one can be done fully remote should be a red flag.

[-] areyouevenreal@lemm.ee 0 points 7 months ago

The issue being what do you do when your phone gets stolen? You can get a new SIM with the same number easily. What's the solution for TOTP?

[-] KairuByte@lemmy.dbzer0.com 1 points 7 months ago

You’re misunderstanding. Totp apps require authentication to use them, be it a password or bio-authentication. SMS does not, it just requires the phone number.

You can get the phone number through any number of ways, but it can be done remotely meaning no one ever interacts with you or your phone. Through various methods, they have your phone number transferred to a different phone, and then have the SMS sent directly to them.

Totp apps (typically) have a backup system in place. 1password as an example, uses their servers to host the data. But you can also back that up. The chances of someone gaining unauthorized access to your Totp account comes down to your security, and which service is chosen. 1password again as an example, is fully encrypted, they can’t see your passwords, if you forget your security token, the only solution is to wipe the entire password store and start again.

The difference in security is mountainous. It’s the difference between a single family home, and a bank vault.

[-] areyouevenreal@lemm.ee 0 points 7 months ago

Yes and muggers ask you for your phone pin. Ask me how I know. I am guessing this is why you need a separate password when using 2FA

I see now that there is a backup in place for losing a phone. That's primarily what I was concerned about.

this post was submitted on 03 Apr 2024
916 points (96.2% liked)

Mildly Infuriating

35455 readers
137 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS